Using Performance Indicators in the Forest Industry

A good number of SME leaders in the forest industry make decisions without objective, accurate information.

To improve the performance of their businesses, it’s essential that they measure the factors affecting the main stakes.

It’s important to do a real time follow up of the key indicators of operations management, such as: the overall rate of return (availability, efficiency, quality), the equipment’s utilization rate, workers’ productivity and the unit cost of production. With this information, work methods can be quickly and efficiently adjusted.

Current technology makes it possible to acquire a substantial amount of information, at low cost, for both forestry entrepreneurs and those performing harvesting, transportation and road work. The use of GPS data, digital forms, forest inventory results and geomatics data provides appropriate accuracy for analyzing a wide range of key indicators.

While using Excel to present scorecards is obviously the most affordable method, the program has its limitations in terms of data presentation options and security. Furthermore, users must be fairly proficient to develop complex scorecards. When the databases grow and information comes from numerous sources, the use of a spreadsheet presents further risks of error and requires manipulation time.

An increasingly interesting option to consider is the use of cloud Web platforms. Data can easily be stored and secured online and the rights can be controlled from users’ accounts at different access levels. The results are available in real time on a webpage and can be consulted from any device, e.g. a computer, phone, tablet computer or even a television. Furthermore, this formula is much more flexible from a visual presentation point of view and is much less restrictive than traditional spreadsheets.

However, while this solution offers a world of benefits, it incurs monthly implementation and maintenance costs. It must therefore be determined whether it’s preferable to acquire internal resources or call upon an external service provider. The quality of the platform and the maintenance cost will be the two deciding factors.

Integrating performance management tools takes time and effort, which represents an obstacle for most forestry entrepreneurs. They have to plan for communication issues with external systems and difficulties these might have with certain existing sources of data. Then this data would have to be measured, and the results monitored, and entrepreneurs would have to react accordingly. The Université Laval’s research project on forestry transportation and harvesting entrepreneurs, PRÉfoRT, demonstrated that without coaching, most entrepreneurs neglected their performance management system due to a lack of time and internal resources.

In conclusion, monitoring performance through scorecards would be beneficial for businesses. This would enable companies to not only to keep an eye on the different factors affecting profitability or attaining goals, but also to be able to observe trends in how these indicators are changing and respond faster, as applicable. Moreover, it would also be possible to measure the impact of certain organizational changes and report financial and operational anomalies.

References:

Antoine Larochelle Benoit, F.Eng. with LBprofor

LBprofor offers professional forestry services and supports businesses in complying with requirements and improving performance. LBprofor uses scorecards to monitor the performance of its operations and also encourages its clients to integrate these tools while making sure to carefully select indicators based on defined objectives.

Hacking battles: interview with Pierre Roberge from Arc4dia

We hear about nations spying on each other, of geeks hacking large corporations just for fun; how can I know if my company is at risk?

We are all at risk. The questions really are: “How much are we at risk?” and “To what kind of risk are we exposed?” As you have enumerated already, there are many potential attackers, and understanding what our highest value information is will help us answer who could be after us. To keep it simple, let us use Marc Théberge’s, Chief Cyber Security Operations at Arc4dia, categories of attackers: The Gangster and The Traitor.

The Gangster will contemplate exploiting you for a quick win, quick profit, while the Traitor looks at exploiting you for long-term profit.

Ransomware being the superstar for the Gangster has been recently affecting all of us. Either in direct fiscal losses of $1B in 2016 or in mission critical information such as police loss of nine years of evidence, the range impact on business has led to some business closures. Thankfully, you can protect yourself from it by making sure you have at least two (2) backups at all time. And remember, only verified working backups are valid backups.

The Botnet is still around in the Gangster category, making damage by exploiting more and more Internet of Things (IoT) and home routers. This one is a bit trickier as many of the IoT devices simply cannot be updated or patched to protect them against known exploitation vectors.

The best mitigation strategy at the moment is to keep them isolated from direct external Internet access. There are a few technologies worth looking into lately such as the Google Wi-Fi router as well as the F-Secure Sense, both offering some level of protection for our very vulnerable home IoT devices.

As if the Gangster was not problems enough, here comes the most dangerous threat against your company: the Traitor.

The Traitor will go to a great extent to either cause high profile reputable damage or stay hidden to steal as much as possible from you for profit in the long run.

We have seen all sorts of very creative hacking to reach such goals by criminals or state-sponsored acting in the best interest of their local industry. Defending against such actors is the subject of long studies and professional work, but let us try to isolate some ideas for a better understanding of the problem.

The Traitor will seek to breach your privacy by breaching your security in order to target your most valuable information. To preserve your privacy, the first step is to take time to identify what is your high-value information and high-value reputation.

For example, we know of attackers targeting the core systems to gain access to:

Intellectual property,

Critical infrastructure,

International strategies,

Acquisition plans,

Quotes,

Know-how,

Etc.

Some of our clients need to bid internationally to acquire some resources. Hackers have targeted the executives in charge of performing such a bidding process with the intent of outbidding them at lowest overhead costs as possible. Such mission critical information losses have been the cause of large companies foreclosing in the last 10 years and even more.

Others are suffering from privacy information leaks. It is very common for companies with very sensitive information in hands to have to pay a ransom in exchange for privacy otherwise they would lose the trust of their clients. These ransom payments are happening behind closed doors and do not make it to the public knowledge, but they are good examples of where to look to identify where we are at risk. The information on ransom paid is very limited, but we can go as far back as the year 2000 when the FBI released information that more than 40 companies had paid ransoms over $100,000 to avoid information release within the last year.

To summarize, if you run a successful business, you are at important risk, especially nowadays with such a rise in criminal hacking.

We see nothing, but we hear about the “hacking battle”; how have threats evolved in the last few years?

True enough, hacking battles are happening, in fact some security vendors like to outline that some of their clients have had almost all the strains of possible advanced malware out there and that they look there when they suspect something is going on.

The threats certainly have evolved. The advanced malware has lowered the number of targeted hosts in exchange for value to optimize the return on investment in their technology against the infosec community after suffering more and more exposure in the recent years.

The rise of ransomware, now possible because of cryptocurrencies such as Bitcoin, has brought a new type of malware in the sense that it is not trying to hide. It is simply acting in a brute force and fast matter.

At the opposite end of the spectrum where stealth is critical for the malware success, we are seeing a rise in fileless malware. This malware avoids touching the system disks in favour of living in memory, only making it much harder to detect.

We heard of the “hunting malware” type of defence, what is it?

Traditionally, the anti-virus was attempting to keep your computers clean of any viruses. This method was very effective at finding the known malware or the already seen before malware. This was an effective way of stopping the viruses because spreading methods were much slower, especially before the Internet days.

Fast forwarding to 2017, these techniques are applying machine defence mechanism fighting against a very dynamic threat controlled by humans. The “old” approach is effectively a machine vs human fight and the machines, in this case, are losing radically.

Malware hunting is bringing the fight at the human vs human level by being dynamic and continuously connected to the protected hosts. Malware hunters are performing live forensic analysis on computers with suspicious alerts without interrupting them.

So what is the best protection strategy, considering the costs involved?

Start with their top 4 recommendations and add an Endpoint Detection and Response platform supported by quality malware hunting managed service. Dedicated malware hunting services are part of defensive strategies to free up time in favour of hardening the environment instead of running around trying to stop potential hackers inefficiently.

Let the old techniques cycle out. We have many high-profile clients letting go of expansive SEIM and IDS/IPS services in favour of cheaper ones or even simpler and more effective techniques as mentioned before.

For small businesses, I would add to this to make sure you have a very simple VPN service on all devices that are going out of your premises. Services such as Freedome by F-Secure are simply too cheap, easy and efficient to pass on. They will protect users from several local attack types while at the local café or the airport.

Pierre Roberge: An 11-year veteran of the Communication Security Establishment (CSE), Pierre led advanced technical teams tasked with protecting Canada’s national interests in cyberspace. While the majority of Pierre’s projects remain classified, Pierre established a strong reputation among ‘5- Eyes’ nations as a leading expert and innovator in cyber intelligence operations.

His declassified awards include the CSE Excellency Award and the Chief of the Defence Staff Commendation. While working alongside British and American counterparts, Pierre lead teams of 100+ members to combat the most advanced cyber threats originating from both state and non-state actors.

Pierre is experienced in working within a complex, enterprise-level networking environment using the most advanced technologies. His technical experience ranges from securing low-level infrastructure and endpoint systems to interfacing with dynamic and cross-functional networks.

Next article

Mandatory Disclosure: Beware of Penalties!

Further to the March 26, 2015 budget, Bill 112, adopted February 8, 2017, implements the Finance Minister’s intention to extend the obligation to produce a disclosure form for tax credits that exceed $25,000.

This disclosure must be made if one of the following conditions is met:

Remuneration is conditional (this is the condition most likely to apply);

Taxpayers sign a confidentiality agreement;

Taxpayers receive contractual protection.

Deadline for filing the disclosure

In the case of refundable tax credits, the deadline is the same as the one granted to submit the prescribed form. For corporations, this corresponds to 18 months after year end. In other cases, when the transaction is realized after this deadline, it is extended to the transaction realization date.

Revenu Québec grants a 60-day period, up to April 9, to file missing returns. As for refundable credits, it’s not necessary to file a disclosure for fiscal years ended before January 1, 2014.

Penalty

The penalty is $10,000 plus $1,000 per day, as of the second day, up to a maximum of $100,000. Furthermore, the prescription period has been extended. At the symposium, La RS & DE et autres mesures incitatives à l’innovation, presented on February 23 and 24, 2017 by the Association de planification fiscale et financière, Revenu Québec specified that the penalty would not be automatic. However, given the amounts in question, better safe than sorry!

Next article

Tax Bulletin – 2017 Federal Budget: Building a strong middle class

Federal Minister of Finance, Bill Morneau, presented his budget on March 22, 2017. The government is continuing with its planned focus on building a strong middle class through innovation, skills, partnership and fairness. Budget 2017 focuses on giving talented people the skills they need to drive our most successful industries and high-growth companies forward, while investing in Canadians’ well-being through a focus on mental health, home care and indigenous health care.

Forecasted deficits

As widely anticipated, the budget projects significant deficits over the next several years. The government forecasts a deficit of $23 billion for 2016–17 and $28.5 million in 2017–18. Over the next four years, deficits are expected to decline gradually from $27.4 billion in 2018–19 to $18.8 billion in 2021–22.

Canada continues to have the lowest total government net debt-to-GDP ratio of all G7 countries. The federal debt-to-GDP ratio is projected to decline gradually after 2018–19 reaching 30.9 percent in 2021–22.

Investing in priorities

The government is committed to making smart, necessary investments in the economy to ensure a thriving middle class, and remains committed to a responsible approach to fiscal management.

The government will initiate three new expenditure management initiatives:

A comprehensive review of at least three federal departments (to be determined), with the aim to eliminate poorly targeted and inefficient programs, wasteful spending and inefficient programs, and ineffective and obsolete government initiatives.

Initiate a three-year review of federal fixed assets to identify ways to enhance or generate greater value from government assets.

Initiate a review of all federal innovation and clean technology programs across all departments, as federal programs are dispersed to simplify programming and better align resources to improve the effectiveness of innovation programs.

The government will report on the progress of these reviews in Budget 2018.

The government will also introduce legislative changes to improve the organization and efficiency of government operations, as needed.